Security Threat Risk Analyst at Wilton Re in NORWALK, Connecticut

Posted in Other 13 days ago.

Type: full-time





Job Description:

Position Summary:

The Security Threat Risk Analyst's role in driving the development and implementation of a comprehensive, ongoing, and sustainable information/cyber security risk management program (SRMP) is essential to providing the Board of Directors, Executive Management, and regulators with the insight they require on the information security risks faced by the company.

The likely candidate will have spent several years (5-7 years) in senior analyst or consultant roles, focusing on cybersecurity within sectors that handle sensitive data, like finance, healthcare, or insurance.

Role Responsibilities:

Champion the Information/cyber security risk management program (SRMP) - 50%
• Act as the in-house expert in information/cyber security risk management for the Wilton Re Group
• Conduct in-depth analysis of the current threat and risk landscape in the cybersecurity industry, especially as it pertains to the life insurance sector.
• Draft detailed reports on industry-specific threats and risks, providing insights into trends, future projections, and potential impacts on the organization.
• Develop expertise in Cloud risks and ensure appropriate policies and procedures are implemented to mitigate such risks.
• Use threat modeling and current threat intelligence to guide risk management strategies in software development and acquisition.
• Foster relationships with key Wilton Re business teams, partners, regulators and industry associations
• Ensure the ISP Policy framework across the Wilton Re Group includes appropriate SRMP materials (i.e. Policy, Standards, Guidelines, and Operating processes & procedures)
• Effectively consult on, communicate and advocate necessary actions to address control weaknesses and/or emerging information/cyber security control challenges identified
• Research new ways & means to protect the information assets of the Wilton Re Group and remain aligned with Regulatory directions

SME Communications - 30%
• Develop and define key performance indicators related to cybersecurity threats and risks for the organization.
• Ensure these KPIs effectively measure the organization's security posture and align with business objectives and Board expectations.
• Analyze threat intelligence feeds and create understandable briefings for senior executives and the Board, focusing on significant risks and action plans.
• Tailor communication to meet the needs of an executive audience and other key stakeholders, emphasizing strategic implications and business impacts.
• Design and drive the implementation of needed components into the company-wide information security/cyber security risk management education, awareness and training program.

Business Continuity - 20%
• Ensure the information/cyber security event & incident response plan is capable of responding efficiently and effectively to security events/incidents up to and including a critical data breach
• Plan, drive and organize the periodic simulation/testing of the CSIRP at both the organizational and technical/technology level.

Basic Qualifications:

10+ years in Information/Cyber Security & Risk Management positions or related roles such as ERM, ORM and/or Audit and/or other business roles

Technical Proficiency: Deep understanding of cybersecurity frameworks (like NIST, MITRE ATT&CK, OWASP), cloud security, software development security, and threat modelling.

Strategic Thinking: Ability to analyse complex threat landscapes and develop comprehensive strategies aligned with business objectives.

Communication Skills: Exceptional ability to communicate technical concepts to non-technical audiences, including senior executives and board members.

Leadership: Experience in leading projects and facilitating teams, with a focus on collaboration and stakeholder engagement.

A commitment to ongoing professional development and continuous process improvement.

Required Education / Certifications:

Bachelor's degree in a relevant area of study

CRISC, CISM, CISA, CCSP, and CISSP certifications preferred

Pay/Location

Base salary range for this position in Connecticut is between $140,000 and $180,000. Please note that specific compensation decisions are based upon a variety of job-related factors as permitted by law, including geographic location, credentials, skills, education, training and experience.

Wilton Re strives to attract, develop, and retain a diverse workforce. We are committed to providing an inclusive and accessible work environment where all associates feel valued, respected, and supported. Our commitment to inclusivity is reflected in the safeguards, policies and commitments we have in place to remove barriers and provide equal opportunities to prospective and current associates, without discrimination. A Human Resources representative is available to consult with applicants who require accommodation in the application or recruitment process. Any information shared by the applicant about an accommodation will be treated as confidential.

To All Recruitment Agencies: Please do not send any resumes or solicitations regarding open positions to Wilton Re employees unless you have been requested to work on this position or other positions with Wilton Re; please reach out to your main point of contact. Wilton Re is not responsible for any fees related to unsolicited resumes.